dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
506
share rss forum feed


AzDragonLord

join:2003-10-21
Florence, AZ

Folder Redirect Issue

I'm in a 2008 R2 domain environment and I'm testing an idea of giving high school students folder redirects on their accounts. I want teachers to have access to each of the student folders on the server via a shortcut link to the root folder (for browsing files, adding documents, etc.).

It works great using my test accounts, but any document dropped onto a student's desktop (from the backend) that is created by someone else isn't accessible to the student without changing the file permissions manually.

This didn't used to be an issue with Server 2003, as any dropped document automatically inherited that user folder permissions. Can this behaviour be changed in Server 2008?
--
Praise the Gods, Do Good, Act Bravely.


quaker
Premium
join:2001-12-27
Rocky River, OH
can you give us a screen shot of the security on one of the students shares?


AzDragonLord

join:2003-10-21
Florence, AZ
reply to AzDragonLord
Click for full size
The "GUSDstaff" group (teachers) has nearly full control over the root and student folders (removed "Change permissions" and "Take Ownership").

I also (as a domain admin) cannot drop a file onto someone's desktop from the back end without changing file permissions afterward, so it might just be how M$ has written the server OS and might not be changeable.
--
Praise the Gods, Do Good, Act Bravely.


erPhantom

@rr.com
OK, if the teachers files are on the same partition as the students, and they are moving the files they won't inherit, as I recall ntfs rules. A copy should inherit. I managed a school network for years, and my solution was to have a shared folder for each assignment and have the students save completed work there using a specified file name. You may want to consider a folder for each teacher where work can be saved. Let the students find the right spot to save rather than have the teachers looking through everything

s_becker

join:2013-04-05
reply to AzDragonLord
Here is a link to KB article of microsoft about this topic. It applies to Windows 2k3 and older but may work for 2k8 and newer as well.
»support.microsoft.com/kb/310316
Hope this helps.


AzDragonLord

join:2003-10-21
Florence, AZ
reply to AzDragonLord
The whole "copy or move" issue works like you describe on a 2003 server, but for 2008 it appears to have changed. I've noticed anytime I copy a file into someone elses folder (from the backend), they don't have permissions to open the document until I manually add them. I'll just chalk it up as more of M$ restricting what we do and how we do it.
--
Praise the Gods, Do Good, Act Bravely.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
said by AzDragonLord:

The whole "copy or move" issue works like you describe on a 2003 server, but for 2008 it appears to have changed.

If "copy" semantics are in place, then I don't see anything in that ACL that will result in some random student getting access. CREATOR_OWNER is a proxy for the user doing the copy.

Unless "test1" is a group identifier that includes the "random student" - but that ACE is explicitly not marked inheritable.